Hi Tom,
Something I''ve been meaning to mention for a while is that for the
Fedora/EPEL packages we have to fix up some of the file permissions
which are a little odd as installed by the setup scripts. Specifically
the changes we seem to need to make are:
chmod 644 $RPM_BUILD_ROOT%{_datadir}/shorewall-lite/{helpers,modules}
chmod 644 $RPM_BUILD_ROOT%{_datadir}/shorewall6-lite/{helpers,modules}
chmod 755 $RPM_BUILD_ROOT/sbin/shorewall-lite
chmod 755 $RPM_BUILD_ROOT/sbin/shorewall6-lite
chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/shorewall-lite/shorewall-lite.conf
chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf
chmod 755 $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall
I''m not sure if this is something you would want to fix in the scripts
as you probably have good reasons for chosing the permissions you do,
but I thought I''d mention it.
Cheers,
Jonathan
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
Hi Jonathan, On 8/21/11 12:07 PM, Jonathan Underwood wrote:> Something I''ve been meaning to mention for a while is that for the > Fedora/EPEL packages we have to fix up some of the file permissions > which are a little odd as installed by the setup scripts. Specifically > the changes we seem to need to make are: > > chmod 644 $RPM_BUILD_ROOT%{_datadir}/shorewall-lite/{helpers,modules} > chmod 644 $RPM_BUILD_ROOT%{_datadir}/shorewall6-lite/{helpers,modules} > chmod 755 $RPM_BUILD_ROOT/sbin/shorewall-lite > chmod 755 $RPM_BUILD_ROOT/sbin/shorewall6-lite > chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/shorewall-lite/shorewall-lite.conf > chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/shorewall6-lite/shorewall6-lite.conf > chmod 755 $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/01-shorewall > > I''m not sure if this is something you would want to fix in the scripts > as you probably have good reasons for chosing the permissions you do, > but I thought I''d mention it. >I see the -lite products as being something to be installed on embedded systems where root is the only defined user. I would be interested to hear why you have chosen to enable non-root users as shown above. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ uberSVN''s rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev
On 22 August 2011 01:24, Tom Eastep <teastep@shorewall.net> wrote:> I see the -lite products as being something to be installed on embedded > systems where root is the only defined user. I would be interested to > hear why you have chosen to enable non-root users as shown above.Well, in the case where only root exists, I don''t think the permission changes actually have any consequence. I suppose the use case I imagined for Fedora was someone trying out the -lite products on a Fedora install (itself not really suited to an embedded platform) ahead of using it on some sort of embedded system. In truth, it was mostly to shut rpmlint up :). J. ------------------------------------------------------------------------------ uberSVN''s rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev
On Aug 21, 2011, at 5:36 PM, Jonathan Underwood wrote:> On 22 August 2011 01:24, Tom Eastep <teastep@shorewall.net> wrote: >> I see the -lite products as being something to be installed on embedded >> systems where root is the only defined user. I would be interested to >> hear why you have chosen to enable non-root users as shown above. > > Well, in the case where only root exists, I don''t think the permission > changes actually have any consequence. I suppose the use case I > imagined for Fedora was someone trying out the -lite products on a > Fedora install (itself not really suited to an embedded platform) > ahead of using it on some sort of embedded system. In truth, it was > mostly to shut rpmlint up :). >Okay -- then I think that I will leave the installer the way it is and you can handle appeasement of rpmlint :-) -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ uberSVN''s rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev